<?php

// Guard against direct HTTP access: the file is only valid when loaded through the framework front controller.
defined('BASEPATH') OR exit('No direct script access allowed');

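class Paypal extends MY_Controller {

    /** PayPal host for both the checkout redirect and the IPN post-back. Sandbox host — change to www.paypal.com for live. */
    const PAYPAL_HOST = 'www.sandbox.paypal.com';

    /** Our PayPal account: sent as "business" on checkout and expected as receiver_email in every verified IPN. */
    const PAYPAL_EMAIL = 'tlocalhost-facilitator@gmail.com';

    const ITEM_NAME = 'Test Item';
    const RETURN_URL = 'http://example.com/payment-successful.htm';
    const CANCEL_URL = 'http://example.com/payment-cancelled.htm';
    const NOTIFY_URL = 'http://example.com/paypal/payments.php';

    /**
     * Checkout fields that are fixed server-side. Posted form fields with these
     * names are dropped instead of being forwarded, so a client cannot append a
     * second "amount" or "business" parameter that would override ours at PayPal.
     */
    private static $reserved_fields = ['business', 'item_name', 'amount', 'return', 'cancel_return', 'notify_url'];

    public function __construct() {
        parent::__construct();
    }

    /**
     * Renders the payment form inside the main template.
     *
     * Page title, keywords and description come from the "register_*"
     * language strings.
     */
    public function index() {
        $data = [
            'title'       => lang('register_title'),
            'keywords'    => lang('register_keywords'),
            'description' => lang('register_description'),
            // Which content view the template loads
            'contents'    => 'payform',
        ];
        $this->load->view('template/main', $data);
    }

    /**
     * Two entry points behind one URL (NOTIFY_URL points back here):
     *  - a plain post from the pay form (no txn_id / txn_type) is turned into a
     *    redirect to the PayPal checkout;
     *  - a request carrying txn_id or txn_type is treated as a PayPal IPN and
     *    is verified by posting it back to PayPal before anything is recorded.
     */
    public function payments() {
        if (!isset($_POST['txn_id']) && !isset($_POST['txn_type'])) {
            // Nothing may be echoed before header(): any output sends the headers
            // early and turns the redirect into a blank page.
            header('Location: https://' . self::PAYPAL_HOST . '/cgi-bin/webscr' . $this->_checkout_query());
            exit();
        }

        $this->_handle_ipn();
    }

    /**
     * Builds the query string for the PayPal checkout redirect.
     *
     * Server-controlled fields are set first; the remaining posted scalar
     * fields are forwarded so the form can carry extra PayPal variables, except
     * those in $reserved_fields. http_build_query() URL-encodes keys as well as
     * values.
     *
     * @return string query string beginning with "?"
     */
    private function _checkout_query() {
        $params = [
            'business'  => self::PAYPAL_EMAIL,
            'item_name' => self::ITEM_NAME,
            // NOTE(review): the amount is taken from the posted "package" field,
            // i.e. it is client-controlled. The IPN handler relies on
            // check_price() to reject a tampered total — confirm that check
            // covers every package before trusting this flow.
            'amount'    => $this->input->post('package'),
        ];

        foreach ($_POST as $key => $value) {
            if (!is_scalar($value) || in_array($key, self::$reserved_fields, true)) {
                continue;
            }
            $params[$key] = stripslashes($value);
        }

        $params['return'] = self::RETURN_URL;
        $params['cancel_return'] = self::CANCEL_URL;
        $params['notify_url'] = self::NOTIFY_URL;

        // NOTE(review): no cmd=_xclick is set here; presumably the pay form
        // posts it and it is forwarded above — confirm.
        return '?' . http_build_query($params);
    }

    /**
     * Verifies an IPN message with PayPal and records the payment.
     *
     * Every posted field is echoed back to PayPal with cmd=_notify-validate and
     * only a "VERIFIED" answer is acted on. A verified message is still checked
     * for receiver account, unused txn_id and matching price before
     * updatePayments() is called; every rejection is logged.
     */
    private function _handle_ipn() {
        // Post-back payload: the raw IPN fields, re-encoded as PayPal expects.
        $req = 'cmd=_notify-validate';
        foreach ($_POST as $key => $value) {
            $value = urlencode(stripslashes($value));
            $value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i', '${1}%0D%0A${3}', $value); // IPN fix
            $req .= "&$key=$value";
        }

        // Fields the rest of the handler needs; a missing field yields the
        // input class's "absent" value instead of an undefined-index notice.
        $data = [
            'item_name'        => $this->input->post('item_name'),
            'item_number'      => $this->input->post('item_number'),
            'payment_status'   => $this->input->post('payment_status'),
            'payment_amount'   => $this->input->post('mc_gross'),
            'payment_currency' => $this->input->post('mc_currency'),
            'txn_id'           => $this->input->post('txn_id'),
            'receiver_email'   => $this->input->post('receiver_email'),
            'payer_email'      => $this->input->post('payer_email'),
            'custom'           => $this->input->post('custom'),
        ];

        $verdict = $this->_post_back($req);

        if ($verdict === null) {
            // Connection failed or PayPal answered neither word; already logged.
            return;
        }

        if ($verdict === 'INVALID') {
            // PayPal does not recognise this message: investigate manually.
            log_message('error', 'PayPal IPN INVALID for txn_id ' . $data['txn_id']);
            return;
        }

        // VERIFIED: the message came from PayPal, but its content must still
        // match what we sold and who we are.
        $valid_receiver = strcasecmp((string) $data['receiver_email'], self::PAYPAL_EMAIL) === 0;
        $valid_txnid = check_txnid($data['txn_id']);
        $valid_price = check_price($data['payment_amount'], $data['item_number']);
        // NOTE(review): payment_status (expected "Completed") and mc_currency are
        // recorded but not checked here — confirm whether updatePayments() does.

        if (!$valid_receiver || !$valid_txnid || !$valid_price) {
            // Payment made but the data has been changed or replayed
            log_message('error', sprintf(
                'PayPal IPN verified but rejected for txn_id %s (receiver ok: %d, txn_id ok: %d, price ok: %d)',
                $data['txn_id'], (int) $valid_receiver, (int) $valid_txnid, (int) $valid_price
            ));
            return;
        }

        $orderid = updatePayments($data);
        if (!$orderid) {
            // Payment is genuine but could not be stored: needs admin attention
            log_message('error', 'PayPal IPN verified for txn_id ' . $data['txn_id'] . ' but updatePayments() failed');
        }
    }

    /**
     * Posts the IPN payload back to PayPal over TLS and returns its one-word answer.
     *
     * @param string $req urlencoded payload beginning with cmd=_notify-validate
     * @return string|null 'VERIFIED' or 'INVALID'; null when the connection
     *                     fails or the response contains neither word
     */
    private function _post_back($req) {
        $header  = "POST /cgi-bin/webscr HTTP/1.0\r\n";
        $header .= 'Host: ' . self::PAYPAL_HOST . "\r\n";
        $header .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $header .= 'Content-Length: ' . strlen($req) . "\r\n";
        $header .= "Connection: close\r\n\r\n";

        $fp = fsockopen('ssl://' . self::PAYPAL_HOST, 443, $errno, $errstr, 30);
        if (!$fp) {
            log_message('error', "PayPal IPN post-back connection failed: [$errno] $errstr");
            return null;
        }

        $verdict = null;
        fwrite($fp, $header . $req);
        while (!feof($fp)) {
            $line = fgets($fp, 1024);
            if ($line === false) {
                break;
            }
            // Headers and body arrive line by line; the answer is a line on its own.
            $line = trim($line);
            if ($line === 'VERIFIED' || $line === 'INVALID') {
                $verdict = $line;
                break;
            }
        }
        fclose($fp);

        if ($verdict === null) {
            log_message('error', 'PayPal IPN post-back returned neither VERIFIED nor INVALID');
        }
        return $verdict;
    }

}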

?>
